China is conducting a massive DDoS attack against GitHub

GitHub.com, a popular code repository, hosts two projects that allow users in China to bypass the Great Firewall of China (GFW) to view the New York Times and GreatFire.org.

This attack is designed to take down GitHub and the GFW projects using a technique called a Man-on-the-Side attack. When a user visits a website that is behind the GFW, the firewall itself returns attack code to the user's browser, and that code takes part in a distributed denial of service (DDoS) attack against GitHub. The attack code tells the browser to continuously reload the GitHub project URL with the purpose of overloading the server. This process is multiplied millions of times over to create what GitHub has called “the largest DDoS attack in github.com’s history”.

As described by Netresec:

In short, this is how this Man-on-the-Side attack is carried out:
1. An innocent user is browsing the internet from outside China.
2. One website the user visits loads a javascript from a server in China, for example the Baidu Analytics script that often is used by web admins to track visitor statistics (much like Google Analytics).
3. The web browser’s request for the Baidu javascript is detected by the Chinese passive infrastructure.
4. A fake response is sent out from within China instead of the actual Baidu Analytics script. This fake response is a malicious javascript that tells the user’s browser to continuously reload two specific pages on GitHub.com.

As stated on Vice.com: “In other words, even people outside China are being weaponized to target things the Chinese government does not like[.]”

Fortunately, this latest attempt at Internet censorship can be prevented with encryption. Encrypting web traffic through HTTPS makes it much harder for the GFW to view and manipulate network traffic between client and server. With network traffic encrypted, the firewall would not be able to read, let alone insert attack code into, the responses sent back to the client. This option is not foolproof, and there are ways that the GFW can read encrypted traffic, but encrypting all web traffic will go a long way to prevent these types of attacks from nations and criminals alike.
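For site owners, the practical check is which scripts a page would fetch over plain HTTP, since those are the responses an on-path party can replace. The following is an added example, not code from the original post or from any of the cited reports; the function name `findCleartextScripts`, the sample markup and the host names are constructed for illustration.

```javascript
// Added example: list <script> tags whose source would travel over plain HTTP.
// Sample HTML and host names below are constructed for illustration.
const SCRIPT_TAG = /<script\b[^>]*>/gi;
const SRC_ATTR = /\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;

function findCleartextScripts(html, pageUrl) {
  const base = new URL(pageUrl);
  const findings = [];
  for (const match of html.matchAll(SCRIPT_TAG)) {
    const attr = SRC_ATTR.exec(match[0]);
    if (!attr) continue; // inline script: delivered with the page itself
    const raw = attr[1] ?? attr[2] ?? attr[3];
    let resolved;
    try {
      // Resolves relative and protocol-relative (//host/x) sources
      // against the scheme and host of the page that embeds them.
      resolved = new URL(raw, base);
    } catch {
      continue; // unparseable src
    }
    if (resolved.protocol === "http:") {
      findings.push({
        src: raw,
        resolved: resolved.href,
        thirdParty: resolved.hostname !== base.hostname,
      });
    }
  }
  return findings;
}

const sampleHtml = `
<html><head>
<script src="http://analytics.example.cn/h.js"></script>
<script src="//cdn.example.net/lib.js"></script>
<script src="https://static.example.org/app.js"></script>
<script src='/js/local.js'></script>
<script>var inline = 1;</script>
</head></html>`;

// Same markup, audited as served over HTTP and then over HTTPS.
const overHttp = findCleartextScripts(sampleHtml, "http://blog.example.org/post");
const overHttps = findCleartextScripts(sampleHtml, "https://blog.example.org/post");
console.log(overHttp.map((f) => f.resolved));
console.log(overHttps.map((f) => f.resolved));
```

Serving the page itself over HTTPS moves the relative and protocol-relative scripts onto an encrypted channel; the hard-coded `http://` analytics URL remains in cleartext until the tag itself is changed.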

Let's Encrypt https://letsencrypt.org Sponsored by EFF, Cisco, Mozilla, Akamai

More Information about the attack:

Netresec.com China’s Man-on-the-Side Attack on GitHub:

TechDirt.com China’s Great Firewall Turned Around: Why China Wants To Censor Global Internet

EFF.org China Uses Unencrypted Websites to Hijack Browsers in GitHub Attack

ThreatPost: DDOS ATTACK ON GITHUB LINKED TO EARLIER ONE AGAINST GREATFIRE.ORG
